User Synchronization (Provisioning)

User Synchronization, or Provisioning, is a fundamental capability of Eko AD Sync (EkoADC) that ensures user data, accounts, and profile information from your on-premises systems are accurately reflected and maintained within the cloud-hosted Eko application.

Provisioning involves the process of creating, updating, and deleting user accounts across multiple applications and systems. By utilizing EkoADC, Amity Solutions automatically creates your company’s directory on the app, removing the need to add coworkers manually.

1. Supported Synchronization Actions

Eko AD Sync supports a comprehensive set of actions necessary for full lifecycle management of user accounts:

• Insert (Create new users).

• Update (Modify existing user information).

• Delete (Remove users from Eko).

• Upsert (Insert if not present, Update if present).

• Mass users upload (Bulk provisioning).

• Disable user accounts. The system supports handling disabled users, including fetching disabled users by a flag from the Active Directory (AD) or from a file.

Provisioning also includes handling associated information such as user entitlements and group memberships. The synchronization process involves logging and reporting success counts for Create, Update, Disable, and Delete actions.

2. Supported Data Sources

Eko AD Sync is versatile and can pull user data from various sources deployed on the customer's infrastructure:

2.1 Active Directory (AD) Synchronization

EkoADC is primarily configured to talk with Active Directory using the Lightweight Directory Access Protocol (LDAP). This allows EkoADC to fetch user data directly from the customer’s directory service, ensuring that all accounts in the customer directory can be used within the Eko Application.

2.2 File Synchronization (HR System Integration)

EkoADC/IDMAPI supports synchronization using any source as a file, typically used when user profiles are stored in an external database, such as an HR system.

• Format and Delivery: This usually involves data provided in a Comma Separated Value (CSV) file delivered to the EkoADC via FTP/SFTP.

• Requirement: If synchronizing user profiles from a file, the file must contain a user ID (user account) that can be used for mapping and LDAP binding. Field names are not restricted, as we will define a mapping that would allow associating data in the file with data in the Eko Application.

  • Example of file name: /absolute/path/to/file/{YYYY}{MM}{DD}.csv

• Important Note: File synchronization should generally be used for user profile synchronization only. Directory software that supports LDAP is still required for user authentication, as seen in some use cases, where users are provisioned from HR DB files but authenticate against AD.

3. Advanced Synchronization Features.

In addition to core provisioning, Eko AD Sync supports more powerful features:t

• Avatar sync. EkoADC configuration includes options to enable avatar updates, specifying file paths and naming conventions.

• Password generator.

• Notification service with a Bot.

• Handling of the Directory Group synchronization.

• Handling Duplicate Users (Domain Priority Logic)